Server & Workload Protection supports the use of AWS Config Rules to query the status of your AWS instances. This
can be especially useful if you want to have a centralized view into whether your
instances meet certain compliance requirements.
There are four Lambda functions available from the Deep Security AWS Config Rules Repository on GitHub:
ds-IsInstanceProtectedByAntiMalwarechecks whether the current instance is protected by the Server & Workload Protection Anti-Malware module.ds-IsInstanceProtectedBychecks whether the current instance is protected by any of the Server & Workload Protection protection modules. This is a generic version ofds-IsInstanceProtectedByAntiMalware.ds-DoesInstanceHavePolicychecks whether the current instance is protected by a specific Server & Workload Protection policy.ds-IsInstanceClearchecks whether the current instance has any warnings, alerts, or errors in Server & Workload Protection.
For more information about AWS Config, see the AWS Config section of the Amazon AWS website.